On 2018-02-16 11:51, Sean Whitton wrote:
> We cannot feasibly provide security updates when there is more than one
> version of the library in the archive.  We do not, and probably never
> will have, the required manpower.
>
> This applies to the nixos/guix solutions too -- we cannot expect our
> security team to go around backporting patches to all the different
> versions we're offering to users.

This is true. We would have to be clear that security support
would have to be limited to one (the latest?) version. This is
still a difference to some arbitrary compressed js files with no
source code, no copyright information etc. which people use when
there is no Debian package at all.

But it's probably too much work, preparing infrastructure etc.

Anyway, relaxing requirements on source code availability,
building from sources with tools within Debian, free license,
etc. is not an option for me. Not only in the context of Debian.
